Black Hat 2015: 5 Takeaways on Mobile App Security

Taking a Stand Against Hackers

Thought-leaders are taking a stand against malicious hackers.

Android, along with its partners and thought-leaders in the community, continues to make significant strides to protect against malicious hackers. At Android's very transparent "State of the Union" Black Hat presentation, Google's Adrian Ludwig outlined a series of steps Android has taken over the past few years to build its layered security model and increase its overall security posture. This included some significant data analysis to identify where potentially harmful apps (PHA) exist globally, what devices they run on, and even what types of signatures they give off that may be reused by other malicious apps. This has resulted in, amongst other things, a rapid deployment and upgrade in the security of Android developer and user services such as Google Play, Verify Apps and SafetyNet.

Overall, by leveraging the developer community and the power of a billion or so devices deployed worldwide, with the capability to harvest certain performance and security data from those devices, Android can continue to mature its shared security model and increase the overall security posture of its ecosystem.

There was a wide spectrum of experts – from hackers to security communities – at the annual Black Hat conference in Las Vegas, which concluded last week. The conference always provides a great perspective on the state of security today through technical briefings and hacking workshops, led by the premier minds in the field.

While Apple and Android's models are working fairly well for the user communities they are targeting, it's clear that there continue to be significant vulnerabilities in enterprise mobile app development. Developing secure mobile apps that protect companies from external threats and ensure that data privacy, security and regulatory demands are met is not an easy task.

The plane of vulnerability across corporate data extends significantly as soon as you include mobile in your portfolio. One of the most critical threats to enterprises comes from within – the mishandling and misappropriation of sensitive corporate data by employees. While Apple and Android continue to provide valuable tools and processes to help with security, it is ultimately up to the designers and developers of the apps and supporting infrastructure to understand, appreciate and code to the security and compliance standards set forth by the community at large.

In this slideshow, Robert McCarthy, technical advisor at Mobiquity, outlines five takeaways from this year's Black Hat 2015, particularly focusing on the differences in Apple and Android's security models – and how you should address them.
